devise-jwt 0.8.1 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +9 -9
- data/devise-jwt.gemspec +1 -1
- data/lib/devise/jwt/version.rb +1 -1
- data/lib/devise/jwt.rb +14 -16
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e40b6ccd72ec79899cc680dcbcafbfa0e2375ef5a079d21fd2bbd41863a0dd1
|
|
4
|
+
data.tar.gz: a2e8404f365a91acd324d5d62a6276943d08f0fd012b33f8e1a54098531d9327
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d39b950c6f645a487274958c644f637a61c4bcade854703027c04202f594fe4b7409861b8275b13f02d231ea2a292135b3ec94a06e3c04cc593529129ce7f68
|
|
7
|
+
data.tar.gz: a804da86acdc39451f169fef0e8b04ca7bd8874600a6259ae494a02ca85b727e3bd9e08590cfa0ca8c615af11ebec58df5032948a1ae76a57e3fd1f2cc52e11e
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
-
## [0.
|
|
7
|
+
## [0.9.0] - 2021-09-21
|
|
8
|
+
### Fixed
|
|
9
|
+
- Fix compatibility with dry-configurable 0.13
|
|
10
|
+
|
|
11
|
+
## [0.8.1] - 2021-02-14
|
|
8
12
|
### Fixed
|
|
9
13
|
- Fix behaviour on code reload
|
|
10
14
|
- Support ruby 3.0 and deprecate ruby 2.5
|
data/README.md
CHANGED
|
@@ -14,10 +14,10 @@ solution using refresh tokens, like some implementation of OAuth2.
|
|
|
14
14
|
|
|
15
15
|
You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
|
|
16
16
|
|
|
17
|
-
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation
|
|
18
|
-
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies
|
|
19
|
-
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage
|
|
20
|
-
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails
|
|
17
|
+
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation)
|
|
18
|
+
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies)
|
|
19
|
+
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
|
|
20
|
+
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
|
|
21
21
|
|
|
22
22
|
`devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
|
|
23
23
|
|
|
@@ -34,21 +34,21 @@ For `Denylist`, you only need to update the `include` line you're using in your
|
|
|
34
34
|
include Devise::JWT::RevocationStrategies::Denylist
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
-
For `
|
|
37
|
+
For `Allowlist`, you need to update the `include` line you're using in your user model:
|
|
38
38
|
|
|
39
39
|
```ruby
|
|
40
40
|
# include Devise::JWT::RevocationStrategies::Whitelist # before
|
|
41
41
|
include Devise::JWT::RevocationStrategies::Allowlist
|
|
42
42
|
```
|
|
43
43
|
|
|
44
|
-
You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
|
|
44
|
+
You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt`, rename `model/whitelisted_jwt.rb` to `model/allowlisted_jwt.rb` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
|
|
45
45
|
|
|
46
46
|
## Installation
|
|
47
47
|
|
|
48
48
|
Add this line to your application's Gemfile:
|
|
49
49
|
|
|
50
50
|
```ruby
|
|
51
|
-
gem 'devise-jwt'
|
|
51
|
+
gem 'devise-jwt'
|
|
52
52
|
```
|
|
53
53
|
|
|
54
54
|
And then execute:
|
|
@@ -91,7 +91,7 @@ You have to tell which user models you want to be able to authenticate with JWT
|
|
|
91
91
|
|
|
92
92
|
See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
|
|
93
93
|
|
|
94
|
-
As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation
|
|
94
|
+
As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation).
|
|
95
95
|
|
|
96
96
|
An example configuration:
|
|
97
97
|
|
|
@@ -180,7 +180,7 @@ So, if you want to avoid this caveat you have three options:
|
|
|
180
180
|
|
|
181
181
|
### Revocation strategies
|
|
182
182
|
|
|
183
|
-
`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies
|
|
183
|
+
`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies), where I also talk about their pros and cons.
|
|
184
184
|
|
|
185
185
|
#### JTIMatcher
|
|
186
186
|
|
data/devise-jwt.gemspec
CHANGED
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
24
|
spec.add_dependency 'devise', '~> 4.0'
|
|
25
|
-
spec.add_dependency 'warden-jwt_auth', '~> 0.
|
|
25
|
+
spec.add_dependency 'warden-jwt_auth', '~> 0.6'
|
|
26
26
|
|
|
27
27
|
spec.add_development_dependency "bundler", "> 1"
|
|
28
28
|
spec.add_development_dependency "rake", "~> 13.0"
|
data/lib/devise/jwt/version.rb
CHANGED
data/lib/devise/jwt.rb
CHANGED
|
@@ -34,27 +34,25 @@ module Devise
|
|
|
34
34
|
Warden::JWTAuth.config.send(setting)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
setting(:secret,
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
setting(:secret,
|
|
38
|
+
default: Warden::JWTAuth.config.secret,
|
|
39
|
+
constructor: ->(value) { forward_to_warden(:secret, value) })
|
|
40
40
|
|
|
41
|
-
setting(:expiration_time,
|
|
42
|
-
|
|
43
|
-
|
|
41
|
+
setting(:expiration_time,
|
|
42
|
+
default: Warden::JWTAuth.config.expiration_time,
|
|
43
|
+
constructor: ->(value) { forward_to_warden(:expiration_time, value) })
|
|
44
44
|
|
|
45
45
|
setting(:dispatch_requests,
|
|
46
|
-
Warden::JWTAuth.config.dispatch_requests
|
|
47
|
-
|
|
48
|
-
end
|
|
46
|
+
default: Warden::JWTAuth.config.dispatch_requests,
|
|
47
|
+
constructor: ->(value) { forward_to_warden(:dispatch_requests, value) })
|
|
49
48
|
|
|
50
49
|
setting(:revocation_requests,
|
|
51
|
-
Warden::JWTAuth.config.revocation_requests
|
|
52
|
-
|
|
53
|
-
end
|
|
50
|
+
default: Warden::JWTAuth.config.revocation_requests,
|
|
51
|
+
constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
|
|
54
52
|
|
|
55
|
-
setting(:aud_header,
|
|
56
|
-
|
|
57
|
-
|
|
53
|
+
setting(:aud_header,
|
|
54
|
+
default: Warden::JWTAuth.config.aud_header,
|
|
55
|
+
constructor: ->(value) { forward_to_warden(:aud_header, value) })
|
|
58
56
|
|
|
59
57
|
# A hash of warden scopes as keys and an array of request formats that will
|
|
60
58
|
# be processed as values. When a scope is not present or if it has a nil
|
|
@@ -69,6 +67,6 @@ module Devise
|
|
|
69
67
|
# user: [:json],
|
|
70
68
|
# admin_user: [nil, :xml]
|
|
71
69
|
# }
|
|
72
|
-
setting :request_formats, {}
|
|
70
|
+
setting :request_formats, default: {}
|
|
73
71
|
end
|
|
74
72
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0.
|
|
33
|
+
version: '0.6'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0.
|
|
40
|
+
version: '0.6'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
248
248
|
- !ruby/object:Gem::Version
|
|
249
249
|
version: '0'
|
|
250
250
|
requirements: []
|
|
251
|
-
rubygems_version: 3.2
|
|
251
|
+
rubygems_version: 3.1.2
|
|
252
252
|
signing_key:
|
|
253
253
|
specification_version: 4
|
|
254
254
|
summary: JWT authentication for devise
|